hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Enhance query ouput

Browse Source 
- add valuable text to assess the query results
- add an example of the output
This commit is contained in:
toufik-airane
2020-06-22 22:34:06 +02:00
parent 0f8879716f
commit f7cbc8a8d4
2 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/src/experimental/Security/CWE-347/JWTMissingSecretOrPublicKeyVerification.ql
View File

@@ -16,4 +16,5 @@ from CallNode call
where
call = moduleMember("jsonwebtoken", "verify").getACall() and
unique(boolean b | b = call.getArgument(1).analyze().getABooleanValue()) = false
select call
select call.getStartLine(), call,
"does not verify the JWT payload with a cryptographic secret or public key."

5
javascript/ql/src/experimental/Security/CWE-347/examples/results.txt Normal file
View File

@@ -0,0 +1,5 @@
| col0 | call | col2 |
+------+---------------------+----------------------------------------------------------------------------+
| 9 | jwt.ver ... ne"] }) | does not verify the JWT payload with a cryptographic secret or public key. |
| 10 | jwt.ver ... ne"] }) | does not verify the JWT payload with a cryptographic secret or public key. |
| 11 | jwt.ver ... ne"] }) | does not verify the JWT payload with a cryptographic secret or public key. |